This presentation will discuss real-world examples of ransomware attacks against enterprise customers. We will explain the newest tactics attackers use to infiltrate enterprises and install threats, including the use of psexec and TeamViewer with stolen credentials. We will highlight methods deployed by ransomware targeted towards corporate environments, such as encrypted web files and database entries. Different use cases for ransomware, including cases where it has been used as a diversion or to cover the attacker's tracks, will be assessed in order to better understand the issue.

While trying to figure out how Swisscom controls all of its home-based routers through their own website, we stumbled onto a series of vulnerabilities in the Centro Grande router which, when combined, could lead to remote code execution. We started by obtaining the router's firmware to investigate how the CWMP protocol was used to manage them, but quickly moved to other aspects of the firmware in order to discover serious flaws...

SAP Security... This twilight zone of responsibilities, expertise and complexity within many large organisations. SAP is improving their software, documentation and security guides, and customers are increasingly aware that work needs to be done in this field....

In 2000, port 80 was one of the few ports opened on firewalls, and HTTP requests and responses became the best attack vector to compromise an organisation. Web applications were powered by Apache, with mostly static content and little dynamic execution. To block this new kind of attack, web application firewalls were created to defend web applications, with more or less success.

Self-driving cars or AI-assisted machines in hospitals are not the future; they already exist. Robots are not standard machines, as they do not simply execute orders but also decide by themselves. They are not human beings with their own liability either. Should they be given a specific legal personality or should someone else be responsible? And who should be that person: the custodian, the owner, the manufacturer?

Thursday Nov 3, 2016

In spite of being central to everything that is going on in IT security, the concept of "exploit" is surprisingly poorly formalized and understood only on an intuitive level by security practitioners. This lack of clear definition has all sorts of negative side-effects: from ineffective teaching to muddled thinking about mitigations.

In this talk, I will make an attempt to more clearly define what it is that attackers do when they write an exploit - and then talk about what this means for mitigations and secure coding.

Indicators of compromise (IOC) were once a useful tool in the fight against APTs; however, irrespective of how fast they are obtained or how many are available they are steadily losing their value. While IOCs may still prove useful in combating common cybercriminal attacks, sophisticated attacks in their current form are another matter completely....

Since the end of 2015, the news has been filling up with a growing number of stories about mobile malware and, in part surprisingly, iOS malware. In a way this contradicts the Verizon DBIR 2015 report, which stated that iOS malware was almost non-existent, but several malware families targeting iOS have been discovered lately.

The Security Assertion Markup Language (SAML) provides a framework for cross-domain single sign-on in the enterprise field ... with a single point of failure; what if you could break it? In this talk we will first discuss the benefits of SAML by presenting two showcases of Swiss institutions that heavily rely on this technology.

During the design, the implementation and the integration of an IoT product, many questions arise about the reliability and security of wireless communications. One of the most used long-range IoT protocols, Sigfox, is proprietary, with no specification or security review. We will explain all the internals of this protocol that we have reverse-engineered...

Mobile messaging applications have recently switched to end-to-end encryption, including the most popular ones like WhatsApp. With debates at the government level to ask for backdoors, those tools are perceived as unbreakable. Yet, most of the implementations use the phone number as the identifier and blindly trust ...

For over a year now, Swisscom has run its own Bug Bounty Program and has chosen to follow a different approach than many of the other well-known programs. Learn what it takes to set up the program, keep it running in a highly diverse environment and deal with

During this talk, IMSI-catchers will be demystified and a new technique will be presented that allows an attacker to intercept a GSM communication even on fully protected networks (padding randomization, SI randomization, authenticated calls/SMS/paging, obfuscated IMSIs in HLRs, etc.)...